Offline brute-forcing of a bank card PIN

The chip embedded in the smart card locks itself after a defined number of incorrect PIN entries, typically between 3 and 10 attempts.

I doubt you'd actually need to iterate through all 10,000 combinations either. There is a really nice analysis here on the frequency of different pairs of numbers:

http://www.datagenetics.com/blog/september32012/index.html

Basically starting with 19XX and working your way through stands a much higher success rate than if the PIN numbers were actually randomly generated.

Step 1 is easy, step 2 is hard. The chips are designed to prevent that sort of tampering, research groups have been working for years on ways to do what you are proposing with no successful attacks yet.